Hello everyone! I have an error trying to do a

pulumi refresh

and maybe someone got the same error, its related to azure and DnsZones:

error: Preview failed: refreshing urn:pulumi:my-stack::infra.pulumi::azure:dns/zone:Zone::<http://my-url.com|my-url.com>: 1 error occurred:
    	* parsing "/subscriptions/my-subscription-id/resourceGroups/my-resource-group/providers/Microsoft.Network/dnszones/my-url.com": parsing segment "staticDnsZones": expected the segment "dnszones" to be "dnsZones"

any idea? Thanks! 🙂

Hi, how can I translate these two lines to Pulumi:

$graphId = az ad sp list --query "[?appDisplayName=='Microsoft Graph'].appId | [0]" --all

$graphResourceId = az ad sp list --query "[?appDisplayName=='Microsoft Graph'].id | [0]" --all

Hello, I have a question, is there a way to add files to a storage blob in Azure that are not from my local files, that is, host my files on some page and extract those files for my blob, it is for a static website within a storage account in azure I use python language

How se set this (sql server) by Polumi dotnet? Thanls.

Hello, does anyone have any idea how to reference the ids of the components in an application gateway in azure native?

gateway_ip_configurations=[network.ApplicationGatewayIPConfigurationArgs(
    name=data_conf["appGateway_conf"]["gateway_ip_configurations"]["name"],
    subnet=network.SubnetArgs(
        id=gateway_sbnt.id,
    ),
)],
frontend_ip_configurations=[network.ApplicationGatewayFrontendIPConfigurationArgs(
    name=data_conf["appGateway_conf"]["frontend_ip_configurations"]["name"],
    public_ip_address=network.PublicIPAddressArgs(
        id=gateway_public_ip.id
    )
)],
frontend_ports=[network.ApplicationGatewayFrontendPortArgs(
    name=data_conf["appGateway_conf"]["frontend_ports"]["name"],
    port=data_conf["appGateway_conf"]["frontend_ports"]["port"],
)],
backend_address_pools=[network.ApplicationGatewayBackendAddressPoolArgs(
    name=data_conf["appGateway_conf"]["backend_address_pools"]["name"],
    backend_addresses=[network.ApplicationGatewayBackendAddressArgs(
        ip_address=VM_nic.ip_configurations[0].private_ip_address) for VM_nic in VM_nics]
)],
backend_http_settings_collection=[network.ApplicationGatewayBackendHttpSettingsArgs(
    name= data_conf["appGateway_conf"]["backend_http_settings_collection"]["name"],
    cookie_based_affinity=data_conf["appGateway_conf"]["backend_http_settings_collection"]["cookie_based_affinity"],
    port=data_conf["appGateway_conf"]["backend_http_settings_collection"]["port"],
    protocol=data_conf["appGateway_conf"]["backend_http_settings_collection"]["protocol"],
    request_timeout=data_conf["appGateway_conf"]["backend_http_settings_collection"]["request_timeout"]
)],
http_listeners=[network.ApplicationGatewayHttpListenerArgs(
    name= data_conf["appGateway_conf"]["http_listeners"]["name"],
    protocol=data_conf["appGateway_conf"]["http_listeners"]["protocol"],
    frontend_ip_configuration=network.SubResourceArgs(id=pulumi.Output.all(resourcegroup.name).apply(lambda args: f"/subscriptions/{data_conf['subscription_id']}/resourceGroups/{args[0]}/providers/Microsoft.Network/applicationGateways/frontendIPConfigurations/{data_conf['appGateway_conf']['frontend_ip_configurations']['name']}")),
    frontend_port=network.SubResourceArgs(id=pulumi.Output.all(resourcegroup.name).apply(lambda args:f"/subscriptions/{data_conf['subscription_id']}/resourceGroups/{args[0]}/providers/Microsoft.Network/applicationGateways/frontendPorts/{data_conf['appGateway_conf']['frontend_ports']['name']}")),
)],
request_routing_rules=[network.ApplicationGatewayRequestRoutingRuleArgs(
    name=data_conf["appGateway_conf"]["request_routing_rules"]["name"],
    rule_type=data_conf["appGateway_conf"]["request_routing_rules"]["rule_type"],
    priority=data_conf["appGateway_conf"]["request_routing_rules"]["priority"],
    http_listener=network.SubResourceArgs(id= pulumi.Output.all(resourcegroup.name).apply(lambda args: f"/subscriptions/{data_conf['subscription_id']}/resourceGroups/{args[0]}/providers/Microsoft.Network/applicationGateways/httpListeners/{data_conf['appGateway_conf']['http_listeners']['name']}")),
    backend_address_pool=network.SubResourceArgs(id=pulumi.Output.all(resourcegroup.name).apply(lambda args: f"/subscriptions/{data_conf['subscription_id']}/resourceGroups/{args[0]}/providers/Microsoft.Network/applicationGateways/backendAddressPools/{data_conf['appGateway_conf']['backend_address_pools']['name']}")),
    backend_http_settings=network.SubResourceArgs(id=pulumi.Output.all(resourcegroup.name).apply(lambda args: f"/subscriptions/{data_conf['subscription_id']}/resourceGroups/{args[0]}/providers/Microsoft.Network/applicationGateways/backendHttpSettingsCollection/{data_conf['appGateway_conf']['backend_http_settings_collection']['name']}")),
)]

marks me this error

azure-native:network:ApplicationGateway (ApplicationGateway1-654-archie-nonprod-eaus2):
    error: Code="InvalidRequestFormat" Message="Cannot parse the request." Details=[{"code":"InvalidJsonReferenceFormat","message":"Reference Id /subscriptions/8e23e0ca-e424-495e-b142-813621dbb51f/resourceGroups/rg-archie-nonprod-eaus2/providers/Microsoft.Network/applicationGateways/frontendIPConfigurations/frontend_ip_configuration_appgateway is not formatted correctly. The Id is expected to reference resources of type applicationGateways/frontendIPConfigurations. Path properties.httpListeners[0].properties.frontendIPConfiguration."},{"code":"InvalidJsonReferenceFormat","message":"Reference Id /subscriptions/8e23e0ca-e424-495e-b142-813621dbb51f/resourceGroups/rg-archie-nonprod-eaus2/providers/Microsoft.Network/applicationGateways/frontendPorts/frontend_port_appgateway is not formatted correctly. The Id is expected to reference resources of type applicationGateways/frontendPorts. Path properties.httpListeners[0].properties.frontendPort."},{"code":"InvalidJsonReferenceFormat","message":"Reference Id /subscriptions/8e23e0ca-e424-495e-b142-813621dbb51f/resourceGroups/rg-archie-nonprod-eaus2/providers/Microsoft.Network/applicationGateways/backendAddressPools/vm_pools is not formatted correctly. The Id is expected to reference resources of type applicationGateways/backendAddressPools. Path properties.requestRoutingRules[0].properties.backendAddressPool."},{"code":"InvalidJsonReferenceFormat","message":"Reference Id /subscriptions/8e23e0ca-e424-495e-b142-813621dbb51f/resourceGroups/rg-archie-nonprod-eaus2/providers/Microsoft.Network/applicationGateways/backendHttpSettingsCollection/http_setting_appgateway is not formatted correctly. The Id is expected to reference resources of type applicationGateways/backendHttpSettingsCollection. Path properties.requestRoutingRules[0].properties.backendHttpSettings."},{"code":"InvalidJsonReferenceFormat","message":"Reference Id /subscriptions/8e23e0ca-e424-495e-b142-813621dbb51f/resourceGroups/rg-archie-nonprod-eaus2/providers/Microsoft.Network/applicationGateways/httpListeners/http_listener_appgateway is not formatted correctly. The Id is expected to reference resources of type applicationGateways/httpListeners. Path properties.requestRoutingRules[0].properties.httpListener."}]

Hi all, just wondering if there was any work done on converting this across to Pulumi? https://techcommunity.microsoft.com/t5/azure-tools-blog/announcing-our-new-subscription-vending-iac-modules-for-bicep/ba-p/3770617 - Python/Go/TS?

hello guys, a question, is it possible to send folders stored on the internet with the

pulumi_synced_folder

package, it is to add files to my blob from my static website in azure, for example download the folder in the same

AzureBlobFolder

resource

Feature Request: Is it possible to have a slimmed down version of the azure-native package referencing only the lates versions of the apis? It's still consuming most of the minutes we have in CI just to install the package (around 2-3mins in a

npm ci

). I normally don't specify version of the apis so it would make sense to only use the latest one. And this also helps on typescript not hanging for code completion in vscode.

Hi, I want to create a function app using pulumi+python. Does anyone use azure-native for that? I found web.webApp and web.webappfunction, but I do not know which one to use!. There is also appservice.FunctionApp in azure classic. Any suggestion or example is very welcome. Thanks

This message was deleted.

Hi, I want to initialize postgresdb using Pulumi. The creation of the db was successful. There is an AzurePowerShellscipt resource in Pulumi, and I thought it could be useful. The shell runs a Python script with arguments (db_name, server_name, user, token as password,...). I have tried it but got a parsing error. Did anyone do something similar? Any tips or suggestions are welcome :)

We are setting the

azure-native:clientId

and

azure-native:clientSecret

properties in the stack YAML to authenticate against Azure. Now, in the same code that is executed by Pulumi, we would like to access Azure Key Vault using the Microsoft SDK. However, just providing

new DefaultAzureCredential()

to the Key Vault client does not work. Is there a way to authenticate to Key Vault using the same identity that's defined by the

azure-native:clientId

and

azure-native:clientSecret

variables?

Hi! I'm trying to setup keyvault backed pulumi on Azure, but the following command fails during the stack init process:

pulumi new \
       --secrets-provider="azurekeyvault:<http://xxxxxxxx.vault.azure.net/keys/xxxx|xxxxxxxx.vault.azure.net/keys/xxxx>" \
       azure-typescript

The error I get is this:

Sorry, could not create stack 'dev': invalid keyID "https://"; must match ^(https://.+\.vault\.(?:[a-z\d-.]+)/)keys/(.+)$ []

Any idea what is going on?

I've been struggling with setting up a keyvault backed pulumi for hours now, I can never get past the stack creation process due to the following error:

Sorry, could not create stack 'dev': secrets (code=PermissionDenied): keyvault.BaseClient#Encrypt: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Forbidden" Message="Caller is not authorized to perform action on resource.\r\nIf role assignments, deny assignments or role definitions were changed recently, please observe propagation time.
Caller: appid=[REDACTED];oid=[REDACTED];iss=<https://sts.windows.net/[REDACTED]/>
Action: 'Microsoft.KeyVault/vaults/keys/encrypt/action'
Resource: '/subscriptions/[REDACTED]/resourcegroups/[REDACTED]/providers/microsoft.keyvault/vaults/[REDACTED]/keys/pulumi'
Assignment: (not found)
DecisionReason: 'DeniedWithNoValidRBAC'
Vault: [REDACTED];location=[REDACTED]" InnerError={"code":"ForbiddenByRbac"}

After trying everything I can think of I've now assigned the service principal to Owner of the key vault and still I get the same error. Any ideas what I'm doing wrong? Command:

pulumi new \
         --secrets-provider="<azurekeyvault://xxxxxxxxx.vault.azure.net/keys/xxxx>" \
         azure-typescript

Environment vars:

AZURE_STORAGE_ACCOUNT=[REDACTED]
AZURE_STORAGE_KEY=[REDACTED]
AZURE_CLIENT_ID=[REDACTED]
AZURE_CLIENT_SECRET=[REDACTED]
AZURE_TENANT_ID=[REDACTED]

Hi, when upgrading from v1.x.x to v2.x.x pulumi wants to recreate my AKS cluster after changing SKU from basic to base. Is there anyway to avoid this or am i forced to recreate the cluster because of changes to the SKU in the new API?

Anyone could help me with this? https://github.com/pulumi/pulumi-azure-native/issues/2702

Anyone have any experiences / samples on provisioning Azure Front Door WAF Policies / Security policies with Python? Trying to provision a network.WebApplicationFirewallPolicy & cdn.SecurityPolicy but keep getting the not to helpful message; autorest/azure: Service returned an error. Status=400 Code="ApplicationGatewayFirewallManagedRuleSetsNoValidPrimaryRuleSetsAttached" Message="Firewall policy /subscriptions/yz/resourceGroups/rg-afd-env-01/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/waf-env-01 does not have any valid Primary Rule Set attached to it." Details=[]

All, I want to pitch an idea for general discussion - The azure-native v2 provider is awesome, and we want to use for all of our resources - but due to a bug in the azure api, we can't manage one critical resource type. The v1 provider worked flawlessly though - so, rather than downgrade everything, I was wondering if I could install both v1 and v2. If I feed a v2

Provider

into the options of a v1 resource, what would happen 😅

Creating a v1 provider and v2 provider side-by-side seems to be almost working. It wants to tear down and re-build the resource, since the provider changed - and I can't alias them to each other, as that throws a conflicting / duplicate resource error. I'm going to manually edit the statefiles such that it believes the provider hasn't changed; and we'll see what happens 🙂

Hi all. is there a command line based tool that has been released to convert an ARM template beyond the web site version?

HI all, I have this code to create an Azure postgres flexible db server, but nothing gets created: ResourceGroupName = resourceGroup.Name, AdministratorLogin = "cloudsa", Version = "15", CreateMode = "Create", AdministratorLoginPassword = "password1!@@!!s", // this is not the real password, but I used one which is validated in the portal ServerName = "kinderworxhealthcheckpgs-dev", Sku = new Pulumi.AzureNative.DBforPostgreSQL.Inputs.SkuArgs { Name = "Standard_B1ms", Tier = "GeneralPurpose", }, HighAvailability = new Pulumi.AzureNative.DBforPostgreSQL.Inputs.HighAvailabilityArgs { Mode = "ZoneRedundant", }, Storage = new Pulumi.AzureNative.DBforPostgreSQL.Inputs.StorageArgs { StorageSizeGB = 32, },

How do you guys manage tagging? I am using Azure, and adding tags for each resource is tedious. Anything you guys use?

Is there any way to create a new disk/VM from a backup/restorepoint? cannot find anything about this. I was looking around the https://www.pulumi.com/registry/packages/azure-native/api-docs/dataprotection/ module, but nothing stands out. Even in azure cli and REST API it seems convoluted, and it's a different API (Data Protection vs. Backup): https://learn.microsoft.com/en-us/azure/backup/backup-azure-arm-userestapi-restoreazurevms

Anyone know if there's a way to get a Dns Zone by it's name in Azure Native?

Is there a way to enable features on a whole subscription with Azure native? I’d like to enable EncryptionAtHost for my virtual machine (see https://learn.microsoft.com/en-us/azure/virtual-machines/linux/disks-enable-host-based-encryption-cli ) but I haven’t found the correct ressource for this 🤔

in case anyone is interested... Blog post on deploying AKS with the new WebApp Routing. https://martinjt.me/2023/09/11/creating-an-aks-cluster-with-webapplication-routing-using-pulumi/

Hello guys, I made a code to create a VM in Azure with the following order First I create the rule to connect to the RDP or SSH Then I create the public IP that will be associated with the VM's NIC Then I create that NIC and associate that IP Finally I create the VM with the components, it is created, there is no error in the creation, but when I want to execute the pulumi destroy command, this error appears can help me with this?

azure-native:network:NetworkInterface (NIC-VMWindows1-063-100-160):
     error: Code="NicInUse" Message="Network Interface /subscriptions/8e23e0ca-e424-495e-b142-813621dbb51f/resourceGroups/rg-archie-nonprod-eaus2/providers/Microsoft.Network/networkInterfaces/NIC-VMWindows1-063-100 -160 is used by existing resource /subscriptions/8e23e0ca-e424-495e-b142-813621dbb51f/resourceGroups/rg-archie-nonprod-eaus2/providers/Microsoft.Compute/virtualMachines/VMWindows1-063-archie-nonprod-eaus2-160- 4. In order to delete the network interface, it must be dissociated from the resource. To learn more, see <http://aka.ms/deletenic|aka.ms/deletenic>." Details=[]

Is there a way to prevent

azure-native.web.WebAppApplicationSettings

from wiping all the other settings in a Web App? It's applying the configs I am telling it to apply, but all the other configs (for example, those set by the application deployment) get completely wiped.

https://azure.microsoft.com/en-us/products/ai-services/ai-document-intelligence does anyone know the pulumi resource for this?